Forum Discussion

f5mkuDefault's avatar
Mar 26, 2021

Updating device certificate

Hi experts,

 

I am trying to update my device certificates.

 

what is the difference between these 2?

 

System >> Certificate Management : Device Certificate Management : Device Certificate Signing Request >> server.csr

 

System >> Certificate Management : Traffic Certificate Management : SSL Certificate List >> New SSL Certificate (Then create using Certificate Authority)

 

This is because when I genereated CSR I used the 2nd one, I forgot to create it under the device certificate management.

Will this still work?

 

Thank you in advance.

 

4 Replies

  • Hi there

    As long as you have a valid certificate and key you can import them as a Decide Certificate. So if the subject names in the CSR also covers the FQDN of the device you want to have the certificate for it will work just fine.

     

    1. Go to Certificate Management -> Device Certificate Management -> Device Certificate
    2. Click Import
    3. Choose Certificate and Key from the drop-down
    4. Paste/upload a valid certificate and key pair
    5. Click import

     

     

    Kind regards,

    Patrik

  • Thanks Patrick. it did work however I need to bundle the certificate (cert + chain + root).

  • If you're running a newer device you can add the chain via the UI:

    If running a v12 you can follow this guide:

    https://support.f5.com/csp/article/K13302

     

    • f5mkuDefault's avatar
      f5mkuDefault
      Icon for Cirrus rankCirrus

      thank you, actually i got confuse with that but I am certain the CSR can be taken from any machine. Can also be taken from a winserver etc.

      I just got confused why there are 2 ways to do it in F5. One that is dedicated for device management and another for app services.

       

      but anyway I was able to get it working by bundling the cert, chain and root.

       

      Installing the cert, chain and root separate in F5 it does not work.